Non-secure device inclusion in Silicon Labs Z-Wave PIR Sensor
CVE-2025-10693

7.6HIGH

Key Information:

Vendor: Silabs.com
Status: Silicon Labs Z-wave Sdk
Vendor: CVE Published:; 31 October 2025

What is CVE-2025-10693?

This vulnerability occurs when the SmartStart Inclusion process fails during the onboarding of a Z-Wave PIR sensor, allowing the sensor to join the network without proper security measures. As a result, the device is incorporated as a non-secure entity, potentially exposing the network to unauthorized access and compromised operations. The issue is specific to Silicon Labs' Z-Wave PIR Sensor Reference Design included in software versions SiSDK v2025.6.0 and v2025.6.1, highlighting the importance of secure device onboarding in IoT environments.

Affected Version(s)

Silicon Labs Z-Wave SDK 2025.6.0 <= 2025.6.1

References

https://community.silabs.com/068Vm00000WN3J0

vendor-advisorypermissions-required

CVSS V4

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Sep 18, 2025

JSON

Silabs.com

What is CVE-2025-10693?

Affected Version(s)

References

CVSS V4

Timeline